Analysis

  • max time kernel
    6s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/05/2024, 17:58

General

  • Target

    iis_Stubid_paid (1).exe

  • Size

    16.2MB

  • MD5

    b0390b2488b4f2fe71ff9badd4d5219a

  • SHA1

    50bb096b3b565316f3764af232d6c4604102708c

  • SHA256

    a0e3177a4bd9def7cae2c3dd62a40f3cb6cfaa18296b08a452bd5264f513fa04

  • SHA512

    012096e33398973b691d820d0696c3ebdd2ecd3d6534cae29dd3ac632d97dacc38f10ba30aa8637a7426dea3a8c8480680215e28185ae15950c6497085ef0e3c

  • SSDEEP

    393216:Bo9DM45CD55L1V8dkurEUWj+rPEyDwREGPKkFbuK+:W9N+XRndbmMyDwR4k8K+

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory (3 IoCs)
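
The "UPX packed file" signature above is a static check on the PE section table. The following is an added example, not code from the sandbox or from the report, showing the two heuristics a practitioner would reach for: stock UPX leaves sections literally named UPX0/UPX1, and modified UPX builds that rename them still produce the same layout (an empty first section with a large VirtualSize, followed by a high-entropy section holding the compressed image). The `build_sample_pe` helper fabricates a skeletal PE32+ as constructed test input; it is not derived from the analysed binary, and the entropy threshold of 7.0 bits per byte is an assumed cut-off.

```python
import math
import struct
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; ordinary x86 code sits around 5 to 6.5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes) -> List[Tuple[str, int, int, float]]:
    """Walk the section table; return (name, VirtualSize, SizeOfRawData, entropy of raw bytes)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    out = []
    for i in range(nsec):
        name, vsize, _, rawsize, rawptr, _, _, _, _, _ = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize,
                    shannon_entropy(raw)))
    return out


def looks_upx_packed(pe: bytes) -> bool:
    secs = pe_sections(pe)
    if {"UPX0", "UPX1"} <= {s[0] for s in secs}:
        return True  # stock UPX keeps its section names
    # Modified UPX builds usually rename the sections, so fall back to the layout
    # UPX produces: a section with SizeOfRawData == 0 but a large VirtualSize (the
    # decompression destination) immediately followed by the high-entropy payload.
    for (_, vsize, rawsize, _), (_, _, _, ent) in zip(secs, secs[1:]):
        if rawsize == 0 and vsize > 0 and ent > 7.0:  # 7.0 is an assumed threshold
            return True
    return False


def build_sample_pe(sections) -> bytes:
    """Constructed test input (not a real binary): a skeletal PE32+ whose section
    table holds the given (name, VirtualSize, raw_bytes) entries."""
    opt = bytes(0xF0)  # zeroed PE32+ optional header; the parser only skips over it
    coff = 0x40
    table = coff + 4 + 20 + len(opt)
    raw_base = table + 40 * len(sections)
    hdr = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", coff))  # e_lfanew at 0x3C
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    hdr += opt
    body = b""
    for name, vsize, raw in sections:
        ptr = raw_base + len(body) if raw else 0
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(raw), ptr, 0, 0, 0, 0, 0)
        body += raw
    return bytes(hdr) + body


if __name__ == "__main__":
    sample = build_sample_pe([(b"UPX0", 0x20000, b""),
                              (b"UPX1", 0x1000, bytes(range(256)) * 4),
                              (b".rsrc", 0x200, bytes(64))])
    for s in pe_sections(sample):
        print("%-8s vsize=%#x raw=%#x entropy=%.2f" % s)
    print("UPX-like:", looks_upx_packed(sample))
```

A UPX hit on its own is weak evidence: UPX is a legitimate packer, and a PyInstaller bootloader compressed with it is common in both benign and malicious bundles. Stock UPX usually unpacks with `upx -d`; a build that triggers only the layout fallback has typically had its headers edited and needs a manual dump instead.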

Processes

  • C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe
    "C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe
      "C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe"
      2⤵
      • Loads dropped DLL
      PID:2640
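
The tree above (a process relaunching its own image, the child loading python312.dll and ucrtbase.dll from `_MEI19722`) is the shape PyInstaller's onefile bootloader produces: it extracts into a `%TEMP%` directory named `_MEI` plus its own PID and a short numeric suffix, then runs a second copy of itself, and `_MEI19722` against parent PID 1972 fits that. The following is an added example, not part of the report, of turning that observation into a detection over process-tree events: a same-image self-spawn whose child loads DLLs from a `_MEI<parent pid>*` directory. The events are constructed from the report's two processes and two DLL loads; the explorer.exe parent and the notepad.exe control process are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ProcEvent:
    """One process from a sandbox or EDR process tree."""
    pid: int
    ppid: int
    image: str                                       # full image path
    loaded: List[str] = field(default_factory=list)  # DLL paths this process loaded


# PyInstaller's bootloader builds the prefix "_MEI<its own pid>" and lets the C
# runtime append a numeric suffix, so the directory name ties the child's DLL
# loads back to the parent process.
MEI_DIR = re.compile(r"^_MEI(\d+)$", re.IGNORECASE)
PY_DLL = re.compile(r"^python(\d)(\d+)\.dll$", re.IGNORECASE)


def pyinstaller_onefile_findings(events: List[ProcEvent]) -> List[Dict]:
    """Flag a process that respawns its own image and whose child loads DLLs from
    a _MEI<parent pid>* directory; report the directory, DLLs and Python version."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or parent.image.lower() != child.image.lower():
            continue  # only the same-image self-spawn is of interest here
        per_dir = defaultdict(list)
        for path in child.loaded:
            parts = path.replace("/", "\\").split("\\")
            if len(parts) < 2:
                continue
            m = MEI_DIR.match(parts[-2])
            # The suffix is only a small counter, so "starts with the parent PID"
            # is the best check available; a very short PID can still collide.
            if m and m.group(1).startswith(str(parent.pid)):
                per_dir[parts[-2]].append(parts[-1])
        for extract_dir, dlls in per_dir.items():
            pyver = None
            for name in dlls:
                pm = PY_DLL.match(name)
                if pm:
                    pyver = f"{pm.group(1)}.{pm.group(2)}"  # python312.dll -> 3.12
            findings.append({
                "parent_pid": parent.pid,
                "child_pid": child.pid,
                "image": child.image,
                "extract_dir": extract_dir,
                "dlls": dlls,
                "python_version": pyver,
            })
    return findings


# Constructed sample tree: the two processes and two DLL loads from the report,
# plus an assumed explorer.exe parent and an unrelated notepad.exe as a control.
SAMPLE = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe"),
    ProcEvent(1972, 1000, r"C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe"),
    ProcEvent(2640, 1972, r"C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe",
              loaded=[r"C:\Users\Admin\AppData\Local\Temp\_MEI19722\python312.dll",
                      r"C:\Users\Admin\AppData\Local\Temp\_MEI19722\ucrtbase.dll"]),
    ProcEvent(3100, 1000, r"C:\Windows\System32\notepad.exe",
              loaded=[r"C:\Windows\System32\ucrtbase.dll"]),
]


if __name__ == "__main__":
    for finding in pyinstaller_onefile_findings(SAMPLE):
        print(finding)
```

The finding is a triage lead rather than a verdict: legitimate PyInstaller applications behave exactly this way. Its value is that it names the extraction directory, so the analyst knows where the bundled Python modules landed (the `_MEI19722` entries in the Downloads list) and which interpreter version to use when decompiling the embedded .pyc files.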

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI19722\python312.dll

    Filesize

    1.7MB

    MD5

    fb8bedf8440eb432c9f3587b8114abc0

    SHA1

    136bb4dd38a7f6cb3e2613910607131c97674f7c

    SHA256

    cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6

    SHA512

    b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

  • C:\Users\Admin\AppData\Local\Temp\_MEI19722\ucrtbase.dll

    Filesize

    1021KB

    MD5

    69b307d27ae7c40392481d67a4f9ba50

    SHA1

    d99919d236475ea4b3f63aa035577334e2b50372

    SHA256

    a7b514013b5786bdfb345c220a0a3e2ac3e5de4af21eacfa48a9fbb4e1370a02

    SHA512

    ce47748a792aa1e8b5eabfa185f11fc5808078c8e922d0946f6db06c4526eb39f3cd1b9836c938bd6e358a22c9207e888838af13f4ad81817589a5e175a76213

  • memory/2640-110-0x000007FEF5F80000-0x000007FEF6645000-memory.dmp

    Filesize

    6.8MB